00. Exposing Bulgaria's Kyulev Data Leak Hacker - An OSINT Analysis 
We've decided to take a deeper look inside the Internet-connected infrastructure of a well-known
Bulgarian data leaker who's known to have compromised several high-profile targets in Bulgaria
and is currently offering access to the compromised databases.


In this analysis we'll take a deeper look inside the Internet-connected infrastructure of Bulgaria's
Kyulev data leak hacker to assist international law enforcement and the security industry in
monitoring and tracking down the cybercriminal's activities.


Sample domains known to have been involved in the campaign include: 


hxxp://reket2021.to 
hxxp://dadsagency.cc 
hxxp://dadsagency.pw 
hxxp://dadsagency.org 
hxxp://dadsagency.ws 
hxxp://dadsagency.xyz 
hxxp://dadsagency.to 
https://www.bgpost.bg/
https://www.srs.justice.bg/
https://mvr.bg/


Sample personally identifiable email accounts known to have been involved in
the campaign include:


dadsagency@tutanota.com 
e.kyulev@protonmail.com 


Sample responding IPs known to have been involved in the campaign include: 




We'll continue monitoring the campaign and will post updates as soon as new developments 
take place. 


